certprofile: add option to export profile config

Add the `--out=FILENAME' option to `certprofile-show'.  When given,
it exports the profile configuration from Dogtag and writes it to
the named file.

Fixes: https://fedorahosted.org/freeipa/ticket/5091
Reviewed-By: Martin Basti <mbasti@redhat.com>

API.txt

@@ -747,9 +747,10 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: certprofile_show
-args: 1,4,3
+args: 1,5,3
 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('out?')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Flag('rights', autofill=True, default=False)
 option: Str('version?', exclude='webui')

VERSION

@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=139
+IPA_API_VERSION_MINOR=140
-# Last change: edewata - added ipaVaultPublicKey attribute
+# Last change: ftweedal: add certprofile-show --out option

ipalib/plugins/certprofile.py

@@ -5,7 +5,7 @@
 import re
 
 from ipalib import api, Bool, File, Str
-from ipalib import output
+from ipalib import output, util
 from ipalib.plugable import Registry
 from ipalib.plugins.virtual import VirtualCommand
 from ipalib.plugins.baseldap import (
@@ -175,9 +175,42 @@ class certprofile_find(LDAPSearch):
 class certprofile_show(LDAPRetrieve):
     __doc__ = _("Display the properties of a Certificate Profile.")
 
-    def execute(self, *args, **kwargs):
+    has_output_params = LDAPRetrieve.has_output_params + (
+        Str('config',
+            label=_('Profile configuration'),
+        ),
+    )
+
+    takes_options = LDAPRetrieve.takes_options + (
+        Str('out?',
+            doc=_('Write profile configuration to file'),
+        ),
+    )
+
+    def execute(self, *keys, **options):
         ca_enabled_check()
-        return super(certprofile_show, self).execute(*args, **kwargs)
+        result = super(certprofile_show, self).execute(*keys, **options)
+
+        if 'out' in options:
+            with self.api.Backend.ra_certprofile as profile_api:
+                result['result']['config'] = profile_api.read_profile(keys[0])
+
+        return result
+
+    def forward(self, *keys, **options):
+        if 'out' in options:
+            util.check_writable_file(options['out'])
+
+        result = super(certprofile_show, self).forward(*keys, **options)
+        if 'out' in options and 'config' in result['result']:
+            with open(options['out'], 'w') as f:
+                f.write(result['result'].pop('config'))
+            result['summary'] = (
+                _("Profile configuration stored in file '%(file)s'")
+                % dict(file=options['out'])
+            )
+
+        return result
 
 
 @register()

ipaserver/plugins/dogtag.py

@@ -2081,6 +2081,14 @@ class ra_certprofile(RestClient):
             body=profile_data
         )
 
+    def read_profile(self, profile_id):
+        """
+        Read the profile configuration from Dogtag
+        """
+        status, status_text, resp_headers, resp_body = self._ssldo(
+            'GET', profile_id + '/raw')
+        return resp_body
+
     def enable_profile(self, profile_id):
         """
         Enable the profile in Dogtag